It seems as though every day there is news of a cyberattack resulting in a massive data breach. From Facebook to Canva to Capital One and Quest Diagnostics – so many were targeted and no industry was spared. The multi-million dollar companies with in-house protection fell short and inefficiencies were exposed.  If these mega-companies with huge investments in security are susceptible where does that leave a small to mid-sized business?  Cybercriminals are targeting small and medium-sized businesses with a lot more frequency because they know that there is little to no investment in cybersecurity. In a quick pivot some are looking toward outsourced information security to supplement their Chief Information Security Officer’s responsibilities or and seeking the support of virtual CISO (vCISO) services to avoid falling victim.

As a direct result of the massive breaches millions of consumers were affected. Their personal data and information were leaked and may have made its way onto the dark web where it could be used by cybercriminals to conduct fraudulent activity. The attacked companies spent hundreds of thousands to millions of dollars trying to rectify their situations lessen the fallout and protect against future attacks. The totality of the resulting – and future – implications are still widely unknown. And they keep adding up for both the companies and the consumers.

But here is another thought. How about the other breaches that weren’t as widely reported? You know the tens of thousands of smaller businesses that were attacked but weren’t brought into the limelight?

Unfortunately cyber attackers successfully obtained sensitive data from smaller unprotected businesses who – knowingly or unknowingly – left information unprotected or at-risk. In general small businesses that have sensitive and personally identifiable data do not often have the powerful internal resources and education offered by skilled Chief Information Officers or the expensive enterprise-level security of rich companies. These smaller shops just do not have the funds and resources to hire internal professionals and implement and manage a robust security initiative. And in reality small business owners may not consider this a priority. They may not know where or how to begin in terms of data security and may be unaware of liability and potential legal and financial implications of an attack or breach.

The latest stats show that hackers have identified this small-business vulnerability and in 2019 45% of breach victims were small businesses (1-250 employees). The same group had the highest targeted malicious email rate at 1 in 323. (data from varonis.com)

These stats show us that not only do small businesses not have processes systems and people in place to protect against potential hacks they also need more education for their leadership and employees. “Preventable” hacks can be from phishing schemes which with some education and employee training can be avoided.

Small businesses can choose to be proactive or reactive to potential breaches. Choosing to be reactive would be waiting until something happens then sinking upwards of tens of thousands of dollars to clean it up. In reality 60 percent of small companies close within 6 months of being hacked according to Cybercrime Magazine.

A proactive approach is the best option for getting ahead of this unsettling trend. However rather than seeking an affordable information security professional (who is likely a unicorn in 2020) small businesses can invest in an outsourced information security solution that can provide everything from a virtual Chief Information Security Officer (VCISO) to employee training and even testing to identify the vulnerabilities and actions that may be putting the company and its data at risk.

While the announcement of breaches and dollars spent to protect and clean-up the fallout continues to rise there are ways to approach and obtain a viable plan of protection. These information security solutions can lessen the probability of falling victim and/or reduce the impact of the breach for small businesses and consumers.

Reach out to The Logic Group to learn how we can help protect your business with a virtual CISO (vCISO).